What Is DNS?
DNS (Domain Name System) is often called the "phonebook of the internet." It translates human-readable domain names like google.com into machine-readable IP addresses like 142.250.80.46. Without DNS, you would need to memorize numerical IP addresses for every website you visit.
DNS is a distributed, hierarchical system — there is no single DNS server that stores every domain name. Instead, the workload is distributed across millions of servers worldwide, each responsible for a portion of the namespace. This makes DNS incredibly resilient and fast.
How DNS Resolution Works Step by Step
When you type a URL into your browser, here is exactly what happens:
- Browser cache check: Your browser first checks its own cache to see if it recently looked up this domain. If found, it uses the cached IP immediately.
- OS cache check: If not in the browser cache, the request goes to your operating system's DNS resolver cache.
- Recursive resolver: If not cached locally, the query is sent to a recursive DNS resolver (usually operated by your ISP, or a public resolver like 8.8.8.8 or 1.1.1.1).
- Root nameserver: The recursive resolver queries one of the 13 root nameserver clusters. The root server doesn't know the IP, but it knows which TLD nameserver handles .com, .org, .net, etc.
- TLD nameserver: The TLD (Top-Level Domain) nameserver for .com directs the resolver to the authoritative nameserver for the specific domain.
- Authoritative nameserver: This server holds the actual DNS records for the domain and returns the IP address.
- Response returned: The IP travels back through the chain to your browser, which opens a connection to the web server.
This entire process typically completes in under 100 milliseconds. The resolvers and caches along the way store the result for the duration of the record's TTL (Time to Live), so subsequent lookups are much faster.
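The lookup chain and TTL caching described above, as an added example that is not from the original page: a small Python simulation of a recursive resolver over a constructed delegation tree. The server labels, the RecursiveResolver class and the 192.0.2.10 address are assumptions made for illustration.

```python
# Constructed delegation tree. Server labels are hypothetical; the name and
# address use reserved documentation ranges (example.com, 192.0.2.0/24).
SERVERS = {
    "root":       {"referrals": {"com": "tld-com"}},
    "tld-com":    {"referrals": {"example.com": "ns-example"}},
    "ns-example": {"records": {"www.example.com": ("192.0.2.10", 300)}},
}


class RecursiveResolver:
    """Walks referrals from the root and caches answers for their TTL."""

    def __init__(self, clock):
        self.clock = clock   # callable returning the current time in seconds
        self.cache = {}      # name -> (ip, expiry time)
        self.trace = []      # every server queried, in order

    def resolve(self, name):
        hit = self.cache.get(name)
        if hit and self.clock() < hit[1]:
            return hit[0]                    # served from cache, no queries
        server = "root"
        while server is not None:
            self.trace.append(server)
            zone = SERVERS[server]
            if "records" in zone:            # authoritative: final answer
                record = zone["records"].get(name)
                if record is None:
                    return None              # NXDOMAIN
                ip, ttl = record
                self.cache[name] = (ip, self.clock() + ttl)
                return ip
            server = self._referral(zone["referrals"], name)
        return None                          # no delegation: NXDOMAIN

    @staticmethod
    def _referral(referrals, name):
        """Return the server for the longest delegated suffix of name."""
        matches = [s for s in referrals if name == s or name.endswith("." + s)]
        return referrals[max(matches, key=len)] if matches else None


if __name__ == "__main__":
    now = [0]  # injectable clock so TTL expiry can be shown without waiting
    r = RecursiveResolver(lambda: now[0])
    print(r.resolve("www.example.com"), r.trace)
```

A cached answer is returned without any upstream query until its TTL expires, which is why stale or poisoned entries persist until then.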
The DNS Hierarchy
DNS is organized in a tree-like hierarchy:
Root zone (.): The top of the DNS hierarchy. There are 13 root nameserver addresses (labeled A through M), operated by organizations including ICANN, Verisign, NASA, and the US Department of Defense. In reality, there are hundreds of physical servers behind these 13 addresses, distributed globally via anycast.
Top-Level Domains (TLDs): These sit directly below the root — examples include .com, .org, .net, .uk, .io, and newer ones like .dev, .app, and .blog. Each TLD is managed by a registry organization (e.g., Verisign manages .com).
Second-level domains: These are the domains people register — like google.com, github.com, or lookmyip.com.
Subdomains: Created by the domain owner — like mail.google.com, blog.example.com, or api.lookmyip.com. Subdomains can be nested multiple levels deep.
Types of DNS Servers
Recursive resolvers: These do the heavy lifting. When they receive a query, they chase it through the DNS hierarchy until they get an answer. Your ISP runs recursive resolvers, and public ones include Google (8.8.8.8), Cloudflare (1.1.1.1), and OpenDNS (208.67.222.222).
Authoritative nameservers: These are the definitive source of DNS records for a domain. When you set DNS records at your hosting provider or domain registrar, you're configuring an authoritative nameserver.
Root nameservers: The starting point for resolving any domain name. They direct queries to the appropriate TLD nameservers.
Forwarding/caching servers: Some organizations run local DNS servers that simply forward queries to an upstream resolver and cache the results. This speeds up lookups for users on the local network.
Common DNS Issues and How to Fix Them
DNS_PROBE_FINISHED_NXDOMAIN: The domain doesn't exist in DNS. The domain is misspelled, hasn't been registered, or has had its DNS records deleted.
DNS_PROBE_FINISHED_NO_INTERNET: Your device can't reach any DNS server. Check your network connection, restart your router, or try changing your DNS server.
Slow DNS resolution: If websites take a long time to load initially but are fast afterward, your DNS resolver may be slow. Switch to a faster public DNS resolver like Cloudflare (1.1.1.1) or Google (8.8.8.8).
DNS cache poisoning: An attack that inserts forged records into a DNS cache, redirecting users to malicious sites. DNSSEC (DNS Security Extensions) protects against this by letting a validating resolver verify cryptographic signatures on the records of a signed zone.
Stale DNS cache: After changing DNS records, you may still see old results. Flush your local DNS cache and wait for the TTL to expire on upstream resolvers. Use LookMyIP's DNS Propagation Checker to monitor the rollout.
